TUCoPS :: Web :: Blogs :: bx3205.htm

Wordpress Malicious File Execution Vulnerability
Wordpress Malicious File Execution Vulnerability
Wordpress Malicious File Execution Vulnerability


===========================================================0D
    =0D
     Wordpress Malicious File Execution Vulnerability            =0D
           =0D
===========================================================0D
=0D
AUTHOR : CWH Underground=0D
DATE   : 18 May 2008=0D
SITE : www.citecclub.org=0D 
=0D
=0D
#####################################################=0D
 APPLICATION : Wordpress Blog  =0D
 VERSION     : <= 2.5.1   =0D
VENDOR : http://wordpress.org/ =0D 
DOWNLOAD : http://wordpress.org/download=0D 
#####################################################=0D
=0D
=0D
DORK: N/A=0D
=0D
---DESCRIPTION---=0D
	You must login into wordpress with Administrator Roles=0D
	=0D
	1. Write Tabs - You can post title, contents and upload files. In Upload section, You can upload php script such as r57,c99,etc. into systems=0D
and upload's file will appear in http://[target]/wp-content/uploads/[year]/[month]/file.php=0D 
	=0D
	2. If you can't upload your php script: Found message "File type does not meet security guidelines. Try another" =0D
Dont Worry,  Move to "plugins" Tabs and choose some plugins (Akismet, Hello Dolly) to EDIT it. Now you can add php script (r57/c99) into plugins edit section.=0D
Finished it and Back to Plugins Tabs -> Click Active plugins then Get your SHELL....=0D
=0D
Let's Fun...=0D
=0D
=0D
---NOTE/TIP---=0D
=0D
        In Plugins Edit section, Use comment /* ...  */ to keep plugins code before add shells.=0D
=0D
##################################################################=0D
 Greetz: ZeQ3uL,BAD $ectors, Snapter, Conan, Win7dos, JabAv0C   =0D
##################################################################

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH